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DETAILED ACTION 

1 . Claims 1 - 26 are pending for examination. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth In this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the inventton was made. 

3. Claims 1 - 12, 17 - 19, and 25 - 26 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Shandony, US patent no. 6,675,261 . 

4. As to claim 1, Shandony teaches a pattern recognition apparatus for grouping 
nodes according to relationships with other nodes, the apparatus comprising the steps 
of: 

an input for receiving an management of nodes, the arrangement comprising at 
least two partitions (groups of users and set of resources, col. 7 lines 63 - col. 8 lines 
30) of the nodes and with predetermined relationships (user access to specific resource 
of set of resources) between nodes across the partitions, and 



Application/Control Number: 10/087,990 Page 3 

Art Unit: 2194 

a pattern recognition unit (entity system, col. 7 and 8) associated with the input 
for using pattern recognition on the nodes and the relationships to find relationship 
patterns among the nodes thereby to form at least one group from nodes (group of 
users) of a first of the partition, wherein the nodes being formed into the group 
relationship with same ones of a predetermined number of resources in a second 
partition (user access to specific resource or set of resources). 

Shandony does not explicitly teach that the set of resources being as nodes. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to recognize that set of resources would have the functionalities as 
nodes that keep the resources that has a predetermined relationship with the first group 
of nodes. 

5. As to claims 2 • 5, Shandony teaches the step of wherein the nodes in the first 
partition are users of a network (users of a network, col. 7 lines 63 - col. 8 lines 25, and 
col. 5 lines 20 - 30) the nodes in the second partition are resources (resources) of the 
network and the relationships are access pemnissions (allowed to access to particular 
resources), and the relationships are usage levels of respective resources by respective 
users. 

6. As to claim 6, Shandony teaches the step of wherein the nodes in the first 
partition are entities (users are entities, col. 6 lines 65 - 67, and col. 7 lines 63 - col. 8 
lines 25) having attributes (have resources after they get access) and the nodes in the 
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second partition represent the attributes (resources are attributes or data, col. 7 lines 1 
- 5), and the relationships represent a respective user possessing a respective 
attribute. 

7. . As to claim 7, Shandony teaches the step of wherein the pattern recognition unit 
is associated with a search engine (group nranager 44, col. 7 lines 63 - coL 8 lines 30) 
operable to use a search tree to begin with a single resource (group of user access to 
specific resource.) and its associated users, and iteratively to add resources and 
reniove users (deletion of users) not having a predefined relationship with the iteratively 
added resources (only add user when they need to access to application they need), to 
meet a resource number, or a user number constraint. 

8. As to claims 8 and 9, Shandony teaches the step of wherein the search engine 
Is operable to use a homogeneity measure for determine (group of users need identical 
access to specific resource, col. 7 lines 63 - 8 lines 30) whether to consider a candidate 
grouping in the search (multi-step workflows can define which users must obtain 
approval before being added to a group). 

9. As to claim 10, Shandony teaches the step of wherein the search engine is 
operable within the iterative stages (user can be added, col. 8 lines 10-30) to add 
further resources common to a current get of users. 
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10. As to claim 11, Shandony teaches the step of wherein the search engine is 
operable to compute a set of all users related to a current set of resources (users need 
Identical access to specific resource, col. 7 lines 63 - 8 lines 30). 

11. As to claim 12, Shandony teaches the step of the search engine is operable to 
consider for expansion all resources outside the current of resources (resources 22 is 
external ... accessible to a user on a network, col. 5 lines 58 - 67) that have at least 
one relationship connection with a current set of users. 



12. As to claim 17, Shandony teaches the step of wherein the pattern recognition 
unit is operable to use the partition recognition within an iterative tree searching process 
(query, col. 9 lines 15 - 30). 

1 3. As to claim 18, Shandony teaches the step of wherein the pattern recognition 
unit is operable to Insert (add user, col. 8 lines 10-30) the groupings as an 
intermediate partition amongst the nodes thereby to redefine the relationships through 
the groupings. 

14. As to claim 19, Shandony teaches the step of wherein the nodes are arranged 
into three partitions, an intermediate one of the partitions (group manager 44, col. 7 and 
8) comprising predetermined relationship dependent groupings of at least some of the 
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nodes in a first of the partitions, the pattern recognition unit being operable to use the 
pattern recognition to add new groups to the intermediate partition. 

1 5. As to claim 25, this is the method claim of claim 1 . See rejection for claim 1 
above. 

16. Asio claim 26, this is the product claim of claim 1 . See rejection for claim 1 
above. 

17. Claims 13 - 16 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Shandony, US patent no. 6,675,261 in view of Riddle, Pub. No. 2003/0061263. 

18. As to claims 13 - 16, Shandony teaches log value (log-on, col. 6 lines 55 - 60, 
and col. 9 lines 5 - 20, and col, 7 lines 64 - 67), controlling the groups (which user is in 
the groups, col. 7 and 8), wherein the set of users associated with each of the nodes Is 
associated with attributes (when user access to resources, col. 8 lines 10 - 30). 

Shandony does not explicitly teach the step of wherein the homogeneity measure 
is the percentage of occurrence of given attribute, multiplied by the log value thereof, 
summed over all such users in the result. 

Riddle teaches the sum of users accessing to attributes (total number of active 
users accessing to resources, [001 80]). 
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It would have been obvious to one of skill in the art at the time the invention was 
made to combine the teaching of Shandony and Riddle's system because Riddle's sum 
of user would provide the total of user in the specific groups that access the attributes. 



19. Claims 20 - 24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Shandony, US patent no. 6,675,261 in view of Brown, US patent no. 
5,941,947. 

20. As to claim 20, Shandony does not explicitly teach the step of wherein the input 
is associated with a graphical expositors which presents the input in a graph. 

Brown teaches the steps of wherein the graphical expositor presents the input in 
a graph (acyclic graphs, col. 12 lines 51 - col. 13 line 38). 

. It would have been obvious to one of skill in the art at the time the invention was 
made to combine the teaching of Shandony and Brown's system because Brown's 
graph would provide the tree structure of the system with partitioned groups on different 
levels for easy controlling access. 

21 . As to claim 21 , Shandony modified by Brown teaches the step of wherein the 
graphical exposistor is user interactive to manually (Shandony; IF statff can assign .... 
Add new users, col. 7 lines 45 - 50) assign modify the groupings discovered by the 
pattern recognition engine. 
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22. As to claims 22 - 23, Brown teaches the steps of wherein the graphical 
expositor is further operable to partition the graph into sub-graphs (acyclic graphs, col. 
12 lines 51 - col. 13 line 38), each of the sub-graphs itself being a nnentioned graph 
having at least two partitions, sub-graphs being limited to it subset of the nodes in one 
of the partitions, and further comprising all the nodes in the other partition that are linked 
thereto, and wherein the pattern recognition unit is further operable to perform 
groupings on each of the sub-graphs, and then to merge the results into a full graph. 

It would have been obvious to one of skill in the art at the time the invention was 
made to combine the teaching of Shandony and Brown's system because Brown's 
graph would provide the tree structure of the system with partitioned groups on different 
levels for easy controlling access. 

23. As to claim 24, see rejection for claim 21 above. 

Response to Arguments 

24. Applicant's arguments filed 4/25/05 have been fully considered but they are not 
persuasive. 

25. Applicant argued in substance that 
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(1 ) Shandony does not teach the claimed limitation "method and apparatus 
for automatic grouping by shared resource utilization and more particularly but 
not exclusively to grouping of users into roles according to their access rights to 
shared resources, typically but again not exclusively over a network" as required 
by claim 1 . 

26. Examiner respectfully disagree with applicant's remark 

As to point 1 , Examiner did not see anywhere in claim 1 claiming the method 
mention above done automatically. In fact, dependent claims 21 and 24 claimed 
the method is done manually. Shadony teaches the method grouping by shared 
resource utilization and more particularly but not exclusively to grouping of users 
into roles according to their access rights to shared resources, typically but again 
not exclusively over a network (groups of users and set of resources, col. 7 lines 
63 - col. 8 lines 30) of the nodes and with predetermined relationships (user 
access to specific resource of set of resources). This method can be done both 
automatically (users can be automatically added or removed, col. 8 lines 10-30) 
and manually (IT staff can assign applicant access, whereas department 
manager can add new users, col. 7 lines 45 - 50). 
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Conclusion 

27. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
nrailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .1 36(a) will be calculated from the nfiailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

28. Any inquiry conceming this communication or earlier communications from the 
examiner should be directed to Phuong N. Hoang whose telephone number is 

(571 )272-3763. The examiner can normally be reached on Monday - Friday 9:00 am to 
5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Meng-Ai An can be reached on (571 )272-3756. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications nnay be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Ph 
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